8 June 2021 - Rule Update Notice
CFM-007 - AWS CloudFormation Drift Detection
As a part of the recent deployment on Monday 31st May 2021, we released the rule CFM-007 - AWS CloudFormation Drift Detection which checks whether the resources created or updated by your Amazon CloudFormation stacks have drifted from their expected template configuration.
We have updated this rule so that it no longer triggers the "DetectStackDrift" process, which fetches the latest drift status, in order to perform the check. In some customer environments, Conformity's triggering of this process caused an unusually high number of API calls and some access-denied errors.
The updated rule only produces checks if a drift status is provided as a part of the existing CloudFormation Stack resource metadata. If there is no drift status, no checks will be generated by this rule.
We recommend that you trigger the “DetectStackDrift” process at your convenience with the help of an automated script accessible here.
Please note that any checks generated for CFM-007 on your AWS accounts before this rule update was deployed at 4:00 am Tuesday 8th June 2021 UTC will be removed by Conformity.
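As an added illustration of the recommendation above (this is not the script linked from this notice, nor Conformity code), the following Python sketch requests drift detection only for stacks whose drift status is missing or stale, and paces the calls to keep API volume low. The function names, the one-day staleness window and the one-second pause are assumptions chosen for the example.

```python
import time
from datetime import datetime, timedelta, timezone

# Stack states in which CloudFormation accepts a drift detection request.
DETECTABLE = {"CREATE_COMPLETE", "UPDATE_COMPLETE",
              "UPDATE_ROLLBACK_COMPLETE", "UPDATE_ROLLBACK_FAILED"}

def stacks_needing_detection(stacks, max_age=timedelta(days=1), now=None):
    """Return names of stacks whose drift status is missing or stale."""
    now = now or datetime.now(timezone.utc)
    due = []
    for s in stacks:
        if s["StackStatus"] not in DETECTABLE:
            continue
        info = s.get("DriftInformation", {})
        last = info.get("LastCheckTimestamp")
        if (info.get("StackDriftStatus", "NOT_CHECKED") == "NOT_CHECKED"
                or last is None or now - last > max_age):
            due.append(s["StackName"])
    return due

def trigger_detection(cfn, names, pause=1.0):
    """Call DetectStackDrift once per stack, paced to limit API volume."""
    started, failed = {}, {}
    for name in names:
        try:
            resp = cfn.detect_stack_drift(StackName=name)
            started[name] = resp["StackDriftDetectionId"]
        except Exception as exc:  # botocore ClientError carries .response
            code = getattr(exc, "response", {}).get("Error", {}).get("Code")
            failed[name] = code or type(exc).__name__  # e.g. AccessDenied
        time.sleep(pause)
    return started, failed

def main():
    import boto3  # imported here so the helpers above run without AWS access
    cfn = boto3.client("cloudformation")
    stacks = [s for page in cfn.get_paginator("describe_stacks").paginate()
              for s in page["Stacks"]]
    started, failed = trigger_detection(cfn, stacks_needing_detection(stacks))
    print(f"started={len(started)} failed={failed}")

if __name__ == "__main__":
    main()
```

Stacks reported under `failed` with an access-denied code indicate that the calling role lacks the permissions drift detection needs for that stack.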